[nsd-users] Notify refused, no acl matches
Daisuke HIGASHI
daisuke.higashi at gmail.com
Fri Jul 1 23:23:25 UTC 2022
Hi,
TSIG key to sign NOTIFY seems be missing in your BIND9 configuration.
( it should be
also-notify { Z.Z.Z.Z key upd_key; };
etc.)
NSD's allow-notify ACL with a TSIG key requests
- source IP address matches, and
- good TSIG signature by the key
for incoming NOTIFY messages.
> My authoritative server has the following configuration:
> -----------------------------------------------------------------------------
> options {
> ...
> also-notify {Z.Z.Z.Z;};
> -----------------------------------------------------------------------------
More information about the nsd-users
mailing list